summaryrefslogtreecommitdiffstats
path: root/src/vnet
AgeCommit message (Collapse)AuthorFilesLines
2017-02-02BFD: SHA1 authenticationKlement Sekera9-258/+1459
Add authentication support to BFD feature. Out of three existing authentication types, implement SHA1 (sole RFC requirement). Simple password is insecure and MD5 is discouraged by the RFC, so ignore those. Add/change APIs to allow configuring BFD authentication keys and their usage with BFD sessions. Change-Id: Ifb0fb5b19c2e72196d84c1cde919bd4c074ea415 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2017-02-02BFD: improve finding of ipv4/ipv6 headersKlement Sekera1-48/+62
Avoid coverity warning and improve safety by declaring a helper structure and working with it when searching for ip headers. Make sure the content following IPv6 header is actually UDP before parsing it. Bail out if unexpcted IPv6 header found ... Change-Id: I1c6b9fd42d6fdae226f12c91c53c07a932b29522 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2017-02-02dpdk: fix crypto coverity warningSergio Gonzalez Monroy1-1/+2
Change-Id: I165b64fdc12dd2936df1958348e93b709ce0e784 Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
2017-02-02SNAT: changed source for outbound address FIB entry (VPP-613)Matus Fabian1-5/+2
Use FIB_SOURCE_PLUGIN_HI and modify ARP input to use non-source variants for flags and resolving interface get. Change-Id: I3bab76f36e0b1ee86e430a416099f1654e02740a Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-02-02LISP: enhance binary part of some APIsFilip Tehlar2-44/+35
Remote mapping and locator set binary APIs uses zero length arrays defined as 'u8 array[0]' in .api file. This path will change such cases to form 'type_t array[count];' in order to enhance maintainability. Change-Id: I98d0252b441020609c550d48186ed0d8338a3f2d Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2017-02-02VXLAN: further unify ip4/ip6 ctl plane handlingEyal Bari2-83/+55
fix wrong udp error codes in decap ip6 handling Change-Id: Ibf791a995128d38b31725c1ee67ec9d1c9dffca2 Signed-off-by: Eyal Bari <ebari@cisco.com>
2017-01-31BFD: reformat code to match vpp code styleKlement Sekera1-158/+186
Change-Id: I40deb8b40f5d3a96d2c0dcb400f489cd05a64348 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2017-01-31VXLAN: small changes for brevityEyal Bari1-49/+16
Change-Id: I9cfff0196845c6f1161848aa49442aa4df81b20e Signed-off-by: Eyal Bari <ebari@cisco.com>
2017-01-31MFIB Coverity warnings. The lock macro is functionally equivalent but more ↵Neale Ranns2-25/+40
expressive (and might appease coverity) Change-Id: Ie3c9b2896a487a0302903bfbdd6348f6f091c67d Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-01-31Add vxlan-bypass feature to IP6 forwarding pathJohn Lo6-182/+468
Add vxlan-bypass feature which can be enabled on the IP6 underlay interface which receive VXLAN packets to accelerate VXLAN decap processing. The CLI to enable/disable it is: set interface ip6 vxlan-bypass <interface> [del] The vxlan-bypass feature is already supported on the IP4 underlay interface. The CLI to enable/disable it is: set interface ip vxlan-bypass <interface> [del] Move vxlan-bypass API/CLI support code from decap.c to vxlan.c. Also fixed two issues in the VXLAN decap path in the vxlan-input node: 1. Add verification of VXLAN packet FIB index with the encap-vrf-id of the VXLAN tunnel. 2. Fix checking of VXLANoIPv6 packet mcast DIP against that of the IP6 mcast VXLAN tunnel. Change-Id: I2bad4074a468c48fbb8bb5ac64f6437190756ed2 Signed-off-by: John Lo <loj@cisco.com>
2017-01-30VPP-621: ping: ICMP echo data size must be bounded by VLIB_BUFFER_DATA_SIZE ↵Andrew Yourtchenko2-29/+46
minus headers. Before the commit 878c6098 the VLIB_BUFFER_DATA_SIZE was different depending on whether building "vpp" or "vpp_lite", resulting in an overrun in vpp_lite build. Avoid the hardcoded value and make the upper bound for ICMP echo data size dependent on the buffer size. Change-Id: Id6c4d7fc73766a95af2610eb237881b5fe9ce9aa Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-01-30Fixed set int state up for ipsec interfacesRadu Nicolau1-2/+2
Change-Id: I2330cb7c2ba0f5eaeb4e7a4c3de4f22283d3923d Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
2017-01-30Fix LISP Coverity warningsFlorin Coras2-6/+16
Change-Id: Iaca2ff453872e638ee83b11fc16472e44deb9a7e Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-01-30LISP: add dump calls for GPE entries APIFilip Tehlar5-2/+249
Change-Id: Ie7f51643fd3522a0fa8df8d0309305481c211f5f Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2017-01-28sh not show in the mfib flags commandsNeale Ranns1-2/+2
Change-Id: If10b878cb05d695eaed9416202fd19bed2e0b793 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-01-27API refactoring : policerPavel Kotucek3-0/+380
Change-Id: Ia7d8b557bcdf45eb8e33bb3d297bc6f7ad321c72 Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
2017-01-27dpdk: rework cryptodev ipsec build and setupSergio Gonzalez Monroy21-376/+436
Build Cryptodev IPsec support by default when DPDK is enabled but only build hardware Cryptodev PMDs. To enable Cryptodev support, a new startup.conf option for dpdk has been introduced 'enable-cryptodev'. During VPP init, if Cryptodev support is not enabled or not enough cryptodev resources are available then default to OpenSSL ipsec implementation. Change-Id: I5aa7e0d5c2676bdb41d775ef40364536a081956d Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
2017-01-27API refactoring : copPavel Kotucek3-0/+230
Change-Id: I1596d7a130fb6d3b170b8e01f2116b323cc10c0d Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
2017-01-27dpdk : incorrect rx filter being installedPavel Kotucek3-1/+20
When mac address is set prior bringing interface up incorrect rx filter being installed into the e1000 mac. Change-Id: If59a2bf16f732e45221b3787d271307d369e54d3 Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
2017-01-27IP Multicast FIB (mfib)Neale Ranns74-1641/+10141
- IPv[46] mfib tables with support for (*,G/m), (*,G) and (S,G) exact and longest prefix match - Replication represented via a new replicate DPO. - RPF configuration and data-plane checking - data-plane signals sent to listening control planes. The functions of multicast forwarding entries differ from their unicast conterparts, so we introduce a new mfib_table_t and mfib_entry_t objects. However, we re-use the fib_path_list to resolve and build the entry's output list. the fib_path_list provides the service to construct a replicate DPO for multicast. 'make tests' is added to with two new suites; TEST=mfib, this is invocation of the CLI command 'test mfib' which deals with many path add/remove, flag set/unset scenarios, TEST=ip-mcast, data-plane forwarding tests. Updated applications to use the new MIFB functions; - IPv6 NS/RA. - DHCPv6 unit tests for these are undated accordingly. Change-Id: I49ec37b01f1b170335a5697541c8fd30e6d3a961 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-01-27API refactoring : l2 (add)Pavel Kotucek2-1/+147
Change-Id: I693a73ba9a5e3b0cb5d2a6c5d363f671e19c1f24 Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
2017-01-26DHCPv[46] proxy testsNeale Ranns1-1/+29
Change-Id: I6aaf9c602cd515ed9d4416d286f9191d048c1a87 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-01-26API refactoring : dhcpPavel Kotucek3-0/+420
Change-Id: I3829835ed2126e51e96690c907deac623dc77151 Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
2017-01-26Add option to use LISP Proxy-ETRFlorin Coras5-37/+349
When enabled, destinations with negative mappings or those not reachable via underlay have their traffic forwarded to the PETR. Change-Id: I1056b0959736144f27fcca7b79263f921e7a8bd9 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-01-25[re]Enable per-Adjacency/neighbour countersNeale Ranns5-52/+65
Change-Id: I953b3888bbc6d8a5f53f684a5edc8742b382f323 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-01-25Move LISP cp cli to separate fileFlorin Coras3-1415/+1460
Change-Id: I24355c71606c047e474b2541bb274e3d183fee85 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-01-25API refactoring : flowPavel Kotucek3-0/+571
Change-Id: I99e913b954f8b02f347bfeff093856a1c5e96781 Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
2017-01-25span: tx functionalityPavel Kotucek1-2/+2
span-output (tx) was enabled on wrong arc_name Change-Id: Ic21dfaec35c975de79abec66421b353637ac9394 Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
2017-01-25API refactoring : classifyPavel Kotucek3-0/+912
Change-Id: Ib75197ef8e5057e7f0d9361a10705c3743d05333 Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
2017-01-24ping: fix double-free crash under VMWare hypervisorAndrew Yourtchenko1-2/+2
bi0 retrieval from the ping reply events vector was incorrectly done always from the first element. For TBD reason the sending of the ping requests under VMWare was batched, as a result the replies arrive close enough to make the events arrive as an array, which exposed this bug. KVM never exhibited this behavior, which explains not seeing this issue there. Change-Id: I485d6f983571e25baa9407c21ef604937586d8bd Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-01-23LISP: add RLOC and map-notify countersFilip Tehlar1-20/+97
Change-Id: Ie6dd9521507cd4731f1bad99c50238310238914f Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2017-01-20Fix coverity warning, VPP-608Dave Barach1-0/+3
Change-Id: I1086debdf90a51205af17c35e93cd9aeff598135 Signed-off-by: Dave Barach <dave@barachs.net>
2017-01-20VXLAN - Add IPv6 tunnels src ref countEyal Bari2-84/+68
and refactored hash table mem keys access hash_set_key_dup - same as hash_set_mem but duplicates the key hash_unset_key_free - same as hash_unset_mem but frees the key Change-Id: I18cdcf7e41c57faa615d6337acaf8d1ad058a4c1 Signed-off-by: Eyal Bari <ebari@cisco.com>
2017-01-19af_packet: multithreading supportMohsin KAZMI4-11/+86
This patch adds multithreading support for af_packet interfaces. Change-Id: Ief5d1117e7ffeaa59dbc2831e583d5d8e8d4fa7a Signed-off-by: Mohsin KAZMI <sykazmi@cisco.com>
2017-01-18Fix coverity warnings, VPP-608Dave Barach2-4/+9
Change-Id: Ib0144ba3a9a09971d3946c932e8fed6d5c1ad278 Signed-off-by: Dave Barach <dave@barachs.net>
2017-01-17Fix crash on deleting activated vhost-user - VPP-603Wojciech Dec1-3/+4
Vhost-user pool getting freed prematurely Change-Id: I952821ec85efa68923d09a643c70b6b309ea2574 Signed-off-by: Wojciech Dec <wdec@cisco.com>
2017-01-17BFD: IPv6 supportKlement Sekera4-82/+223
Change-Id: Iaa9538c7cca500c04cf2704e5bf87480543cfcdf Signed-off-by: Klement Sekera <ksekera@cisco.com>
2017-01-17dpdk: remove duplicate code in buffers.cDamjan Marion1-122/+9
Change-Id: Idc17b4a32d40012556d5d8550942db0372ebf23d Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-01-17DHCPv6 Proxy; fix crash when DHCPv6 prxy is not configured and client packet ↵Neale Ranns1-1/+5
is received Change-Id: I0250acdee803545b8923549e2099863a95544691 Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
2017-01-16Add --without-libssl configure parameterDamjan Marion2-13/+13
This replaces --without-ipsec and --without-ipv6sr and allows other parts of the code to be disabled if libssl is not available. Change-Id: Id97ff3685a7924d7f86622952e0405d94ceb5957 Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-01-16dpdk: add 'show dpdk version' cliDamjan Marion1-0/+20
Change-Id: Iaecebae25ee4b8df8ca919992a0433e92e82e90c Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-01-16Fix LISP coverity warningFlorin Coras1-0/+1
- uninitialized field in locator pair Change-Id: I6832eaf5217eaad8f0fa8da1801aa31465c1f37d Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-01-16dpdk: register rte_delay_us callback from vnetDamjan Marion1-0/+90
Change-Id: Ibf7fc9a54d3fbee431b4814fa8abc5ba29ed9eef Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-01-16LISP: Enhance IPx offset computingFilip Tehlar2-31/+37
Change-Id: I0ccb0db73bcf4e2a282cabd4ebbe49599fa8ee7c Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2017-01-14Provision linux stack ip4 and ip6 addresses for tap interfacesDave Barach5-90/+270
To simplify system configuration. Converted existing code to use an argument structure, instead of [one or two too many] discrete parameters. Change-Id: I3eddfa74eeed918c1b04a6285fba494651594332 Signed-off-by: Dave Barach <dave@barachs.net>
2017-01-14vlib: add buffer and thread callbacksDamjan Marion8-13/+831
Change-Id: I8e2e8f94a884ab2f9909d0c83ba00edd38cdab77 Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-01-14VPP-279: Document changes for vnet/vnet/devicesBilly McFall3-3/+97
Add doxygen documentation for netmap CLI commands. Change-Id: I8d3ce12b1cfa5af30ddcd31cb476ca4652cfc2f3 Signed-off-by: Billy McFall <bmcfall@redhat.com>
2017-01-13LISP: Fix gpe APIFilip Tehlar4-135/+79
Change-Id: Iba076fc13e3f870c49fc5ca971dc7b8799188a27 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2017-01-13VPP-580: Host Interface created via Command Line Arg is misnamedBilly McFall1-1/+1
Host interfaces created via the command-line arguments are missed named (i.e. - UnknownEthernet0 instead of af_packet0). In DPDK 16.11, they changed the driver names from eth_xxx to net_xxx. However, looks like the AF_PACKET driver still returns "AF_PACKET PMD" as the driver name in the rte_eth_dev_info_get(..) call. I modified the driver name look table in vnet/devices/dpdk/dpdk.h to revert the name back. Change-Id: I2b0a9f6b4d5245b76548027891d40f81a56b230d Signed-off-by: Billy McFall <bmcfall@redhat.com>
2017-01-12Account for pool realloc when importing FIB entries during VRF exportNeale Ranns1-4/+12
Change-Id: I8ec6d53fa9c0790f85802663f70a6b3630239f8d Signed-off-by: Neale Ranns <neale.ranns@cisco.com>